Latest CVE Feed
-
9.8
CRITICALCVE-2025-66048
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger the... Read more
Affected Products : libbiosig- Published: Dec. 11, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-12963
The LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.2.29. This is due to the plugin not properly valid... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-14619
A vulnerability was found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login_query.php. Performing manipulation of the argument stud_no results in sql injection. The attack may... Read more
Affected Products : student_file_management_system- Published: Dec. 13, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-50401
Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter password.... Read more
- Published: Dec. 16, 2025
- Modified: Dec. 22, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-67530
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through <= 2.3.15.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-68565
Missing Authorization vulnerability in JayBee Twitch Player ttv-easy-embed-player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Twitch Player: from n/a through <= 2.1.3.... Read more
Affected Products : twitch_player- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-14565
A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/SProfile/login1.php. Such manipulation of the argument Username leads to sql ... Read more
Affected Products : courseselectionsystem- Published: Dec. 12, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-14733
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with... Read more
Affected Products : fireware firebox_m270 firebox_m290 firebox_m370 firebox_m390 firebox_m440 firebox_m470 firebox_m4800 firebox_m570 firebox_m5800 +25 more products- Actively Exploited
- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-14583
A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. T... Read more
Affected Products : online_student_enrollment_system- Published: Dec. 12, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-66043
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger the... Read more
Affected Products : libbiosig- Published: Dec. 11, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-14590
A security vulnerability has been detected in code-projects Prison Management System 2.0. Impacted is an unknown function of the file /admin/search1.php. The manipulation of the argument keyname leads to sql injection. It is possible to initiate the attac... Read more
- Published: Dec. 13, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-11693
The Export WP Page to Static HTML & PDF plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.4 through publicly exposed cookies.txt files containing authentication cookies. This makes it possible f... Read more
Affected Products :- Published: Dec. 13, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2025-59718
A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4... Read more
- Actively Exploited
- Published: Dec. 09, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-66044
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger the... Read more
Affected Products : libbiosig- Published: Dec. 11, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-53963
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is ... Read more
- Published: Dec. 04, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-67518
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Accordion Slider PRO accordion_slider_pro allows Blind SQL Injection.This issue affects Accordion Slider PRO: from n/a through <= 1.2.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-14643
A vulnerability was found in code-projects Simple Attendance Record System 2.0. The affected element is an unknown function of the file /check.php. Performing manipulation of the argument student results in sql injection. Remote exploitation of the attack... Read more
Affected Products : simple_attendance_record_system- Published: Dec. 14, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-67516
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Blind SQL Injection.This issue affects Store Locator WordPress: from n/a through <= 1.6.2.... Read more
Affected Products : store_locator- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-67489
@vitejs/plugin-rs provides React Server Components (RSC) support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs (loadServerAction, decod... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-14326
Use-after-free in the Audio/Video: GMP component. This vulnerability affects Firefox < 146 and Thunderbird < 146.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Memory Corruption